6

I created a script that runs duplicity to back up files I have on a VPS, and uses a GPG key that I generated as a user.

When I try and run this script as SUDO I get:

```
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: C7B2Y6DO: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
===== End GnuPG log =====
```

Now I realize why this is (because it's not SUDO's key, it's the user's key), but before I go and re-generate a key for SUDO, is it possible to have sudo use the user's key?

Not really important, but the script is modeled off a combination of these three sites:

http://www.cenolan.com/2008/12/how-to-incremental-daily-backups-amazon-s3-duplicity/

http://www.randys.org/2007/11/16/how-to-automated-backups-to-amazon-s-s3-with-duplicity/

https://help.ubuntu.com/community/DuplicityBackupHowto

BassKozz

5 Answers

6

Solution: Added the following to the bash script:

```
HOME=/home/user/
```

Fin

BassKozz
4

Have you tried the --homedir option?

Dennis Williamson
  • There is no --homedir option for duplicity, or at least it's not working: `Command line error: option --homedir not recognized` – BassKozz Feb 07 '10 at 03:52
  • 3
    @BassKozz: You would use duplicity's `--gpg-options` option to pass the `--homedir` option to gpg: `duplicity ... --gpg-options "homedir=/home/username/.gnupg" ... ` (untested) – Dennis Williamson Feb 07 '10 at 07:48
  • 1
    @DennisWilliamson The correct command is `--gpg-options "--homedir=/home/username/.gnupg"` – user66638 Mar 01 '17 at 08:04
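
The keyring lookup discussed in the answers above, written as a wrapper for a backup that runs as root (via sudo or root's cron). This is an added example, not code from any of the original posts: it takes the key owner's home directory from the passwd database instead of `$HOME`, refuses a keyring with the wrong owner or mode, and confirms the public key is present before calling duplicity. The function names `gnupg_home_for`, `keyring_is_private` and `run_backup` are hypothetical, and `gpg` and `duplicity` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original posts. gnupg_home_for, keyring_is_private
# and run_backup are hypothetical helper names.

# Print <home>/.gnupg for a user, taking the home directory from the passwd
# database rather than $HOME, which depends on sudo's configuration.
# $2 (optional) is a passwd-format file to read instead of calling getent.
gnupg_home_for() {
    if [ -n "${2:-}" ]; then
        _home=$(awk -F: -v u="$1" '$1 == u { print $6; exit }' "$2")
    else
        _home=$(getent passwd "$1" | cut -d: -f6)
    fi
    [ -n "$_home" ] || return 1
    printf '%s/.gnupg\n' "${_home%/}"
}

# Succeed only if the directory $1 is mode 0700 and owned by user $2. A
# keyring writable by anyone else could have a different key swapped in.
keyring_is_private() {
    _dir=$1 _owner=$2
    [ -d "$_dir" ] || return 1
    set -- $(ls -ld "$_dir")          # $1 = mode string, $3 = owner
    case $1 in drwx------*) ;; *) return 1 ;; esac
    [ "$3" = "$_owner" ]
}

# Usage: run_backup KEY_OWNER KEY_ID SOURCE_DIR TARGET_URL   (run as root)
run_backup() {
    _gh=$(gnupg_home_for "$1") || { echo "unknown user: $1" >&2; return 1; }
    keyring_is_private "$_gh" "$1" ||
        { echo "refusing keyring $_gh: wrong owner or mode" >&2; return 1; }
    # Fail early with a clear message instead of duplicity's
    # "public key not found" halfway into the run.
    gpg --homedir "$_gh" --list-keys "$2" >/dev/null 2>&1 ||
        { echo "public key $2 not found in $_gh" >&2; return 1; }
    duplicity --encrypt-key "$2" --gpg-options "--homedir=$_gh" "$3" "$4"
}

# Only runs a backup when all four arguments are given on the command line.
if [ "$#" -eq 4 ]; then run_backup "$@"; fi
```
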
3

I believe the default configuration of sudo is to preserve $HOME. So if you were logged in as user1, and used sudo scriptname where scriptname did echo $HOME, you should expect to see "/home/user1" echoed back, not "/root".

I'll assume BassKozz hasn't changed this. Perhaps he's not logged in as his desired user1, running the script as sudo. Perhaps he's really just running the script as root, for example through root's cronjob. In that case, his $HOME would never have been /home/user1 in the first place, so even if sudo preserves the value of $HOME it's not helping. In this case, any of the other answers that tell you how to set $HOME to the right value, or to inform gpg where your homedir is, should work.

If however, it's true as he says that he can't even run his duplicity script "as sudo"---that is, when logged in as user1 and typing sudo duplicity_script, then the problem is not going to be a wrongly-set $HOME. As we've seen, $HOME should in that case have the right value. So the problem is something else. I haven't heard enough, and don't know duplicity+gpg well enough, to speculate what it might be.

dubiousjim
  • I agree with this answer. In my case it's not a problem with sudo's HOME or ~ being wrong because it works with encryption. But on decryption it ignores the passphrase even though that is passed. – Craig Hicks May 30 '18 at 17:14
1

If you use the "--preserve-env" option to sudo, then GPG in the sudo session will be able to find the gpg-agent running in the native session.

Example:

```
sudo --preserve-env YOUR_COMMAND...
```

0

Are you sure you mean to be encrypting your backups with a user's gpg key in the first place?

Unless you have a separate backup of your gpg key (which I hope you do), you will be unable to decrypt any of the backups if you lose the contents of your home directory.

Justin